This is a multi-part message in MIME format.

------=_NextPart_surgeweb_51614917_mpa=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

The best way actually to do this is to use the same autologin mechanism that=
 is used when "auto logging in" between the various netwin products. 
eg. webmail uses when logging in to user.cgi.

It is documented (albeit slightly cryptically) here:
http://www.netwinsite.com/webmail/admin_adv.htm

Basic concept is that you pass the encoded password to be stored in surgemai=
l usign the putp POP command (preferred) or to save the file directly on dis=
k. This gives you an "id" token which you pass out in your urls so that the =
password is never sent in plain text. 

Have a read of the "WebMail <--> External Program or Single Sign On, SSO" se=
ction in the above page.

Let me know if you cannot get it to work or have specific questions.

Marijn




--- Original message ---
Subject: Passing Passwords securely
From:  <surgemail-list@netwinsite.com>
To:  <(none)>
Date: 14/05/2009  4:23 AM

I would like to pass a password from my client to login to the mail admin se=
curely - Such as this - https://mail.yourdomain.com:7443/cgi/user.cgi?userna=
me=3dtony@mydomain.com password=3dWeakpassword. It will then automatically l=
ogin the user. But would it be possible to use an encrypted password that th=
e server will read if only from a certain IP? Such as the user clicks on a l=
ink from a control panel? Such as - https://mail.yourdomain.com:7443/cgi/use=
r.cgi?username=3dtony@mydomain.comor have it at least cloak the password in =
the URL 
 

------=_NextPart_surgeweb_51614917_mpa=

Last Next